US Government Warns of Insider and Ransomware Threat to Water Plants
The FBI, Cybersecurity and Infrastructure Security Agency (CISA) the NSA, and the Environmental Protection Agency (EPA) have issued a joint alert due to ongoing malicious cyber activity targeting the water and wastewater systems sector. The alert mentioned tactics, techniques, and procedures being used by several malicious actors in an attempt to compromise IT systems. These consist of spear-phishing, exploitation of insecure RDP, targeting unsupported or outdated operating systems and software, and more.
The alert highlights multiple incidents that have occurred in a two-year time span, including an attack on a New Jersey-based water and waste services facility, an attack on a Nevadan plant, and an attack on a California-based WWS site. The advisory also mentions a 2019 incident in which a former employee at a plant in Kansas was able to access and shut down some key processes used to disinfect water. The agencies noted that the alert does not necessarily mean that the WWS sector is being targeted more than other industries, the advisory was to spread awareness about ongoing cyber risks to their operations.